FreeBSD Bugzilla – Attachment 219478 Details for
Bug 250971
textproc/raptor2 heap overflow
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
patch to fix CVE-2017-18926
raptor2.patch (text/plain), 2.70 KB, created by
Don Lewis
on 2020-11-09 01:53:14 UTC
(
hide
)
Description:
patch to fix CVE-2017-18926
Filename:
MIME Type:
Creator:
Don Lewis
Created:
2020-11-09 01:53:14 UTC
Size:
2.70 KB
patch
obsolete
>Index: textproc/raptor2/Makefile >=================================================================== >--- textproc/raptor2/Makefile (revision 554440) >+++ textproc/raptor2/Makefile (working copy) >@@ -3,7 +3,7 @@ > > PORTNAME= raptor2 > PORTVERSION= 2.0.15 >-PORTREVISION= 15 >+PORTREVISION= 16 > CATEGORIES= textproc > MASTER_SITES= http://download.librdf.org/source/ \ > SF/librdf/${PORTNAME}/${PORTVERSION} >Index: textproc/raptor2/files/patch-CVE-2017-18926 >=================================================================== >--- textproc/raptor2/files/patch-CVE-2017-18926 (nonexistent) >+++ textproc/raptor2/files/patch-CVE-2017-18926 (working copy) >@@ -0,0 +1,40 @@ >+From 590681e546cd9aa18d57dc2ea1858cb734a3863f Mon Sep 17 00:00:00 2001 >+From: Dave Beckett <dave@dajobe.org> >+Date: Sun, 16 Apr 2017 23:15:12 +0100 >+Subject: [PATCH] Calcualte max nspace declarations correctly for XML writer >+ >+(raptor_xml_writer_start_element_common): Calculate max including for >+each attribute a potential name and value. >+ >+Fixes Issues #0000617 http://bugs.librdf.org/mantis/view.php?id=617 >+and #0000618 http://bugs.librdf.org/mantis/view.php?id=618 >+--- >+ src/raptor_xml_writer.c | 7 ++++--- >+ 1 file changed, 4 insertions(+), 3 deletions(-) >+ >+diff --git src/raptor_xml_writer.c.orig src/raptor_xml_writer.c >+index 693b9468..0d3a36a5 100644 >+--- src/raptor_xml_writer.c.orig >++++ src/raptor_xml_writer.c >+@@ -181,9 +181,10 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, >+ size_t nspace_declarations_count = 0; >+ unsigned int i; >+ >+- /* max is 1 per element and 1 for each attribute + size of declared */ >+ if(nstack) { >+- int nspace_max_count = element->attribute_count+1; >++ int nspace_max_count = element->attribute_count * 2; /* attr and value */ >++ if(element->name->nspace) >++ nspace_max_count++; >+ if(element->declared_nspaces) >+ nspace_max_count += raptor_sequence_size(element->declared_nspaces); >+ if(element->xml_language) >+@@ -237,7 +238,7 @@ raptor_xml_writer_start_element_common(raptor_xml_writer* xml_writer, >+ } >+ } >+ >+- /* Add the attribute + value */ >++ /* Add the attribute's value */ >+ nspace_declarations[nspace_declarations_count].declaration= >+ raptor_qname_format_as_xml(element->attributes[i], >+ &nspace_declarations[nspace_declarations_count].length); > >Property changes on: textproc/raptor2/files/patch-CVE-2017-18926 >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=219478">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 250971
: 219478